Comments on .NET Framework rootkits - backdoors inside your framework TypePad2008-11-13T17:24:51ZRobert A.http://www.cgisecurity.com/tag:typepad.com,2003:http://www.cgisecurity.com/2008/11/net-framework-r/comments/atom.xml/sacha commented on '.NET Framework rootkits - backdoors inside your framework 'tag:typepad.com,2003:6a00e553aa1a288833010535f611fb970c2008-11-14T21:04:27Z2008-11-14T21:20:00Zsachahttp://www.cgisecurity.com/Looks like the time spent to write this paper should have been spent reading .net specs and how assemblies are...<p>Looks like the time spent to write this paper should have been spent reading .net specs and how assemblies are managed by the GAC. Nothing new in this paper. Maybe his next paper will be about his new discovery that you can wipe strong name from assemblies and it&#39;s references and that you can use that to crack licensing in .net apps.</p>Robert commented on '.NET Framework rootkits - backdoors inside your framework 'tag:typepad.com,2003:6a00e553aa1a288833010535f3ad20970c2008-11-13T21:37:57Z2008-11-13T21:38:11ZRoberthttp://www.cgisecurity.com/Yes he states in the paper that you need admin privs. This is just yet another way to backdoor something...<p>Yes he states in the paper that you need admin privs. This is just yet another way to backdoor something in this case a popular development framework. </p>Anonymous commented on '.NET Framework rootkits - backdoors inside your framework 'tag:typepad.com,2003:6a00e553aa1a288833010535f36303970c2008-11-13T19:19:07Z2008-11-13T19:29:16ZAnonymoushttp://www.cgisecurity.com/This paper is completely worthless because you already have to have compromised the system to achieve the attack. It's no...<p>This paper is completely worthless because you already have to have compromised the system to achieve the attack. It&#39;s no different than any other rootkit style attack. He might as well copy his PDF and call it the &quot;Java rootkit attack&quot;. Then do the same and call it the &quot;browser rootkit attack&quot;, etc.</p>
<p>*yawn*<br />
</p>Robert commented on '.NET Framework rootkits - backdoors inside your framework 'tag:typepad.com,2003:6a00e553aa1a288833010535f33a55970c2008-11-13T18:16:59Z2008-11-13T18:17:14ZRoberthttp://www.cgisecurity.com/This text is from their announcement. We're in agreement.<p>This text is from their announcement. We&#39;re in agreement.</p>kazoolist commented on '.NET Framework rootkits - backdoors inside your framework 'tag:typepad.com,2003:6a00e553aa1a288833010535ecafa3970b2008-11-13T18:09:42Z2008-11-13T18:16:05Zkazoolisthttp://kazoolist.blogspot.comThis sounds like it would be better summarized as "covers a new method that enables an attacker to change the...<p>This sounds like it would be better summarized as &quot;covers a new method that enables an attacker to change the .NET RUNTIME, and to hide malicious code inside its core.&quot;</p>
<p>Saying &quot;change the .NET language&quot; doesn&#39;t make a lick of sense.</p>